Skip to:

Information Technology Resources :

Policy/Guideline Area

Governance, Organization, and General Policies

Applicable Divisions

TCATs, Community Colleges, System Office, Board Members


The purpose of this policy is to establish the parameters for guidelines that will provide for creation and maintenance of a secure systems infrastructure, protect the confidentiality and integrity of electronic information and the privacy of system users, and ensure compliance with applicable state and federal laws.


  1. General Policy
    1. The Board of Regents shall rely on the Chief Executive Officers of the System and its institutions and the System and institutional chief information officers to develop, adapt, and administer the information technology resources of the System utilizing methods and procedures that promote operational efficiency and the advancement of learning.
    2. Guidelines shall be developed that articulate system-wide standards, procedures, and practices for key information technology processes.
      1. The System shall review industry best practices and, to the degree appropriate and applicable, incorporate best practice into information technology guidelines.
        1. It is the Board’s expectation that information technology guidelines shall address, but not be limited to, protection of personally identifiable information, acceptable use of system information technology resources, password requirements, timeliness of system maintenance activities, and access controls.
        2. Leadership in the development of system wide information technology guidelines shall be the responsibility of the System’s chief information officer.
  2. Supplementary Institutional Policies and Regulations
    1. TBR Institutions are authorized and encouraged to develop institution-specific policies and regulations relating to the use of information technology resources, provided such policies and regulations are consistent with Federal and State law and with this and other policies and guidelines of the Tennessee Board of Regents.
      1. In particular, institutions may develop policies and guidelines that are more stringent, but not less stringent, than the system policies and guidelines (e.g. required password character length may be longer than that stated in the system-level guideline but not less).
  3. Conformance with State Policies
    1. TBR policies and guidelines regarding information technology are intended to conform to best practices for institutions of higher education.
    2. To the extent practicable, the policies and guidelines should also align with the State of Tennessee’s information technology policies and guidelines established by the Office of Information Resources.
  4. Applicability
    1. Unless otherwise specified therein, this policy and associated guidelines shall apply to all persons and organizations accessing or using the information technology facilities and resources, including databases, owned, leased or administered by the TBR, including, but not limited to, all employees and contractors of the Tennessee Board of Regents and its constituent Institutions, and to all students enrolled at TBR Institutions.



T.C.A. § 49-8-203


TBR Board Meeting June 28, 2002; March 30, 2007; Complete revision, Board Meeting, September 26, 2014.

Related Policies